Eduardo Lúcio
LightBase Consultoria em Software Público
+55-61-3347-1949 - http://brlight.org - Brasil-DF
Software livre! Abrace essa idéia! 
"Aqueles que negam liberdade aos outros não a merecem para si mesmos."
Abraham Lincoln
Hi there,
On Sun, 26 Jan 2020, Eduardo Lúcio Amorim Costa via clamav-users wrote:
> Is it correct to assume that the "clamd@scan" service, once started, can
> find threats that already exist on my server? ...
Your question says: "can find" - Strictly speaking, yes this is correct.
But the question and my answer need some qualification.
> ... Is it correct to assume that the "clamd@scan" service in its
> normal operation will eventually find that threat and notify me
> (log, mail, etc...)?
"will eventually find" - No, this is certainly not correct. You need
(1) Something which will show it to clamd. This is 'running a scan',
there is more than one way to do it.
Consider also the probability that ClamAV will find a threat even if
you know it is there somewhere. This is not magic. In the end it all
boils down to a comparison operation. So you also need
(2) Something which causes clamd to detect the threat _if_ it sees it.
This is either a signature in a database, or some ClamAV code.
My estimate is that on a good day you have about a one in three chance
that ClamAV will find a random threat. There are not-so-good days, we
call them "zero days", on which you have no chance at all; and unless
something is done to cause ClamAV to recognize that threat (either by
a change to a database, or to the code) ClamAV will never detect it -
no matter how many times it sees it.
Please spend some quality time with the documentation.
--
73,
Ged.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml